Yes, blockchains are likely to reshape our economy, or a huge part of it, and benefit considerably those who are currently unbanked.

They might also facilitate the creation of rating/reputation systems that are not controlled by any single entity and thus allow people (say Uber drivers who’d like to work for Lyft) to switch employers without having to establish their credibility anew.

They might give users complete control over their assets; protect them, to a degree, from being robbed and provide tools to sustain privacy even when a state-level actor – a bank or a government – is after their identity.

But before these things start to happen the issues of privacy and security, which are currently pressing on blockchains, must be dealt with.

In this article, we’ll discuss how some major networks are trying to tackle the problems of safety and dispense advice to those using decentralized ledgers as to how to keep their assets protected at all times.

Let’s get started!

The concept we should introduce first before we proceed to talk about security is that of digital wallets.

In layman’s terms, a wallet is a software program in which public and private keys are stored. After accessing it, one could manage the crypto assets it contains, and carry out, seamlessly, all sorts of transactions.

Currently, there are four types of digital wallets in the blockchain ecosystem – desktop, web, mobile, and hardware ones. And to protect them, users encrypt the wallets with long, complicated passwords.

So, what might go wrong?

In 2011, a member of bitcointalk forum (someone “allinvain”) wrote a panicky post – a cry for help – to his fellow forum members after finding out that he’d been hacked and robbed of 25,000 BTC (which now, in October 2017, would be worth about $150m).

Evidently, the attacker had managed to gain access to allinvein’s PC and had, somehow, emptied out his digital wallet. He (or she) had either sent the transaction directly from the victim’s machine or copied the wallet.dat file and ran it from his (or her) own.

The vulnerability that made the theft possible lay with blockchain.info mobile app; it had to do with the user’s rooting his Android phone.

Generally, when one attempts to enter their blockchain.info wallet (from a desktop computer) they are asked to type in two passwords – a long one (16-20 digits) to access the entire wallet, and a shorter one (typically 8 digits) to get ahold of private keys.

However, since typing lengthy passwords is tiresome on a smartphone, the wallet app will often have it memorized, and only require you to enter the second one.

Therefore, if someone hacks into your phone, the one that’s been rooted, they might find out where the main password is stored and decrypt it. Afterward, they can crack the second PIN code (hackers often use GPU or cloud-based computing clusters to brute force an 8 digit password promptly) and gain complete control over your wallet.

A few smart contracts on Ethereum, the second largest blockchain in the world, were attacked as well..

Ethereum isn’t just a cryptocurrency. It is also a platform on which one could build decentralized apps.

The software that’s hosted on the network, therefore, must be designed impeccably: its code must contain zero vulnerabilities. Or else, it’s bound to fall prey to clever attackers.

Here are some famous (or should we say infamous) instances of hacking on the Ethereum network:

The DAO hack. One of the first major ICOs had a bug in its smart contract, of which attackers took advantage. Nearly $50m worth of ether was stolen and, though the assets were eventually returned to the DAO token holders (the blockchain developers performed a hard-fork), the hack led to a network split.

The Parity hack. The second biggest hack in the history of Ethereum happened a few months ago and resulted in a 153,037 ETH loss (~$32m at the time of theft). The vulnerability, which hackers managed to exploit, lay in the source code which Parity, a wallet “vendor” on Ethereum, had been giving out to users who wanted to create a personal multi-sig wallet.

We won’t be delving deeply into the technical aspects of the robbery; we’ll just say that, in a nutshell, bad actors sent two transactions to the affected contracts – one to obtain ownership of the wallets and another to drain them; they were able to do so due to a tiny flaw in the multi-sigs’ code.

The weak spot, according to the Parity blog, had been fixed; the new, improved version of their implementation of a multi-sig wallet was deployed after June 20.

But on November 8, just a few months later, it, too, got hacked due to a bug in the multi-sig’s code.This time, the loss of funds amounted to ~$155m worth of Ether.

Both Parity and Ethereum itself have yet to make a decision as to how to return the funds to rightful owners. Most likely, we’ll see another fork.

But, as of now, things are still a bit unclear.

How Can Developers Improve Security on Blockchains?ZKP protocols

Since security on public networks depends largely on whether private data is accessed by a malicious actor or not, some major blockchains are planning to adopt something known as zero-knowledge proof (ZKP) protocols.

To understand what ZKP is, imagine this: you’re at a bar, your phone has just died; you’re standing alone, sipping at a cocktail, when, suddenly, a guy shows up from nowhere and starts talking, anxiously, about how your close friend has gotten in some serious trouble.

He invites you to walk a few blocks with him, to the place where she’s currently at, so you can rescue her together. And says persuasively that there’s no time left for stalling.

You realize you’ve never met the guy, but, again, your phone is shut off, there’s no way of finding out whether he’s telling the truth and, frankly, you are worried.

So, what do you do?

Well, you could interrogate him. Ask specific and complicated questions – the ones only a person who has really seen her would be able to answer – and keep requesting more info, again and again, until it’s clear to you that he’s not lying.

In this equation you are the verifier whose making a prover, the other participant in the interaction, jump through hoops to convince you of the validity of his claims. He can’t transmit a memory of meeting your friend from his head to yours – he’s no telepath – so answering correctly to your questions, which you’re making up on the spot, is the only way to make you believe him. This is, essentially, how ZKP works.

In the world of blockchains, a prover isn’t incapable of disclosing sensitive information; he’s just not willing to. He wants to indicate, for example, that a certain transaction has taken place and keep in secret the transaction details. He wants to establish privacy and thus ensure security.

Such level of confidentiality is precisely what Zcash, along with some other blockchain applications, is meant to provide. And after ZKP is adopted widely, experts say, the number of malicious activities on distributed networks will drastically drop.

Formal verification

The smallest bug in an otherwise perfectly written smart contract can still lead to substantial losses – the Parity incident has proved that vividly.

Therefore, having a system on blockchains that checks if a piece of software does what it claims to do, and scans whether its code is buggy, would potentially prevent a great deal of smart contract hacking.

The idea behind this concept comes from math, and it is called formal verification.

Blockchain networks, huge and small ones, are now thinking to launch a piece of code that can formally verify, with mathematical proof, that other pieces of code satisfy predefined fairness properties.

Tezos, for example, a project that has recently raised over $200m via an ICO, is a smart contract technology that’s meant to facilitate formal verification.

And if it succeeds in doing so – if it creates a system that will prevent software with poorly written code from ever being deployed – that might become a game changer for the entire blockchain world.

Summing upDecentralization has its flaws; the complete security and privacy are yet to be achieved.

It doesn’t mean, however, that blockchains are unsafe: substantial progress has been made already in the security area and clever developers keep on improving the technology on a regular basis.

The losses, which are, of course, no insignificant ones, still don’t approach even closely the amounts of money that have been stolen from centralized value storages such as banks and centralized exchanges. And, if anything, the trust in blockchains has now even grown. Ethereum, which used to be perceived as Bitcoin’s less celebrated cousin, could soon be worth more than Silicon Valley. So there’s every reason for blockchain enthusiasts to be optimistic.

If you’d like to learn more about privacy and security on blockchains, please contact our expert – a wise and cheerful man – to get a free consultation.

DXWorldEXPO LLC, the producer of the world's most influential technology conferences and trade shows has announced the conference tracks for CloudEXPO|DXWorldEXPO 2018 New York.

DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018will be held November 11-13, 2018, in New York City.

Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.

A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.

DXWorldEXPO | CloudEXPO 2018 New Yorkcover all of these tools, with the most comprehensive program and with 222 rockstar speakers throughout our industry presenting 22 Keynotes and General Sessions, 200 Breakout Sessions along 10 Tracks, as well as our signature Power Panels. Our Expo Floor brings together the world's leading companies throughout the world of Cloud Computing, DevOps, FinTech, Digital Transformation, and all they entail.

As your enterprise creates a vision and strategy that enables you to create your own unique, long-term success, learning about all the technologies involved is essential. Companies today not only form multi-cloud and hybrid cloud architectures, but create them with built-in cognitive capabilities.

Cloud-Native thinking is now the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, as well as the public sector.

CloudEXPO is the world's most influential technology event where Cloud Computing was coined over a decade ago and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals.

FinTech Is Now Part of the DXWorldEXPO | CloudEXPO Program!

Financial enterprises in New York City, London, Singapore, and other world financial capitals are embracing a new generation of smart, automated FinTech that eliminates many cumbersome, slow, and expensive intermediate processes from their businesses.

Accordingly, attendees at the upcoming 22nd CloudEXPO | DXWorldEXPONovember 11-13, 2018 in New York City will find fresh new content in two new tracks called:

FinTechEXPO

New York Blockchain Event

which will incorporate FinTech and Blockchain, as well as machine learning, artificial intelligence and deep learningin these two distinct tracks.

FinTech brings efficiency as well as the ability to deliver new services and a much improved customer experience throughout the global financial services industry. FinTech is a natural fit with cloud computing, as new services are quickly developed, deployed, and scaled on public, private, and hybrid clouds.

More than US$20 billion in venture capital is being invested in FinTech this year. DXWorldEXPO | CloudEXPOare pleased to bring you the latest FinTech developments as an integral part of our program.

22nd International DXWorldEXPO | CloudEXPO, taking place November 11-13, 2018, in New York City, will feature technical sessions from a rock star conference faculty and the leading industry players in the world.

Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS - software, platform, and infrastructure as a service.

With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.

Every Global 2000 enterprise in the world is now integrating cloud computing in some form into its IT development and operations. Midsize and small businesses are also migrating to the cloud in increasing numbers.

Companies are each developing their unique mix of cloud technologies and services, forming multi-cloud and hybrid cloud architectures and deployments across all major industries. Cloud-driven thinking has become the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, and the public sector.

Sponsorship Opportunities

DXWorldEXPO | CloudEXPO are the single show where technology buyers and vendors can meet to experience and discus cloud computing and all that it entails. Sponsors of DXWorldEXPO | CloudEXPO will benefit from unmatched branding, profile building and lead generation opportunities through:

Featured on-site presentation and ongoing on-demand webcast exposure to a captive audience of industry decision-makers.

Showcase exhibition during our new extended dedicated expo hours

Breakout Session Priority scheduling for Sponsors that have been guaranteed a 35-minute technical session

DXWorldEXPO LLC is a Lighthouse Point, Florida-based trade show company and the creator of DXWorldEXPO - Digital Transformation Conference & Expo. The company produces and presents CloudEXPO, DevOpsSummit, FinTechEXPO - Blockchain Event, the world's most influential conferences and trade shows.

@CloudEXPO and @ExpoDX, two of the most influential technology events in the world, have hosted hundreds of sponsors and exhibitors since our launch 10 years ago. @CloudEXPO and @ExpoDX New York and Silicon Valley provide a full year of face-to-face marketing opportunities for your company. Each sponsorship and exhibit package comes with pre and post-show marketing programs. By sponsoring and exhibiting in New York and Silicon Valley, you reach a full complement of decision makers and buyers in multiple vertical markets. Our delegate profiles can be located in our show prospectus.

In today's always-on world, customer expectations have changed. Competitive differentiation is delivered through rapid software innovations, the ability to respond to issues quickly and by releasing high-quality code with minimal interruptions. DevOps isn't some far off goal; it's methodologies and practices are a response to this demand. The demand to go faster. The demand for more uptime. The demand to innovate. In this keynote, we will cover the Nutanix Developer Stack. Built from the foundation of software-defined infrastructure, Nutanix has rapidly expanded into full application lifecycle management across any infrastructure or cloud .Join us as we delve into how the Nutanix Developer Stack makes it easy to build hybrid cloud applications by weaving DBaaS, micro segmentation, event driven lifecycle operations, and both financial and cloud governance together into a single unified st...

"Cloud computing is certainly changing how people consume storage, how they use it, and what they use it for. It's also making people rethink how they architect their environment," stated Brad Winett, Senior Technologist for DDN Storage, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.

Sold by Nutanix, Nutanix Mine with Veeam can be deployed in minutes and simplifies the full lifecycle of data backup operations, including on-going management, scaling and troubleshooting. The offering combines highly-efficient storage working in concert with Veeam Backup and Replication, helping customers achieve comprehensive data protection for all their workloads — virtual, physical and private cloud —to meet increasing business demands for uptime and productivity.

While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity.
In his session at @ThingsExpo, Jim Frey, Vice President of Strategic Alliances at Kentik, discussed tactics and tools to bridge the gap between IoT project teams and the network planning and operations functions that play a significant role in project success.

@CloudEXPO and @ExpoDX, two of the most influential technology events in the world, have hosted hundreds of sponsors and exhibitors since our launch 10 years ago. @CloudEXPO and @ExpoDX New York and Silicon Valley provide a full year of face-to-face marketing opportunities for your company. Each sponsorship and exhibit package comes with pre and post-show marketing programs. By sponsoring and exhibiting in New York and Silicon Valley, you reach a full complement of decision makers and buyers in multiple vertical markets. Our delegate profiles can be located in our show prospectus.

In today's always-on world, customer expectations have changed. Competitive differentiation is delivered through rapid software innovations, the ability to respond to issues quickly and by releasing high-quality code with minimal interruptions. DevOps isn't some far off goal; it's methodologies and practices are a response to this demand. The demand to go faster. The demand for more uptime. The demand to innovate. In this keynote, we will cover the Nutanix Developer Stack. Built from the foundation of software-defined infrastructure, Nutanix has rapidly expanded into full application lifecycle management across any infrastructure or cloud .Join us as we delve into how the Nutanix Developer Stack makes it easy to build hybrid cloud applications by weaving DBaaS, micro segmentation, event driven lifecycle operations, and both financial and cloud governance together into a single unified stack.

@CloudEXPO and @ExpoDX, two of the most influential technology events in the world, have hosted hundreds of sponsors and exhibitors since our launch 10 years ago. @CloudEXPO and @ExpoDX New York and Silicon Valley provide a full year of face-to-face marketing opportunities for your company. Each sponsorship and exhibit package comes with pre and post-show marketing programs. By sponsoring and exhi...

In today's always-on world, customer expectations have changed. Competitive differentiation is delivered through rapid software innovations, the ability to respond to issues quickly and by releasing high-quality code with minimal interruptions. DevOps isn't some far off goal; it's methodologies and practices are a response to this demand. The demand to go faster. The demand for more uptime. The de...

TCP (Transmission Control Protocol) is a common and reliable transmission protocol on the Internet. TCP was introduced in the 70s by Stanford University for US Defense to establish connectivity between distributed systems to maintain a backup of defense information. At the time, TCP was introduced to communicate amongst a selected set of devices for a smaller dataset over shorter distances. As the...

Sold by Nutanix, Nutanix Mine with Veeam can be deployed in minutes and simplifies the full lifecycle of data backup operations, including on-going management, scaling and troubleshooting. The offering combines highly-efficient storage working in concert with Veeam Backup and Replication, helping customers achieve comprehensive data protection for all their workloads — virtual, physical and privat...

While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improvi...

DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In their D...

According to the IDC InfoBrief, Sponsored by Nutanix, “Surviving and Thriving in a Multi-cloud World,” multicloud deployments are now the norm for enterprise organizations – less than 30% of customers report using single cloud environments. Most customers leverage different cloud platforms across multiple service providers. The interoperability of data and applications between these varied cloud e...

"At the keynote this morning we spoke about the value proposition of Nutanix, of having a DevOps culture and a mindset, and the business outcomes of achieving agility and scale, which everybody here is trying to accomplish," noted Mark Lavi, DevOps Solution Architect at Nutanix, in this SYS-CON.tv interview at @DevOpsSummit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York ...

Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the pr...

"NetApp's vision is how we help organizations manage data - delivering the right data in the right place, in the right time, to the people who need it, and doing it agnostic to what the platform is," explained Josh Atwell, Developer Advocate for NetApp, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.

The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environm...

"We were founded in 2003 and the way we were founded was about good backup and good disaster recovery for our clients, and for the last 20 years we've been pretty consistent with that," noted Marc Malafronte, Territory Manager at StorageCraft, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.

Cloud computing budgets worldwide are reaching into the hundreds of billions of dollars, and no organization can survive long without some sort of cloud migration strategy. Each month brings new announcements, use cases, and success stories.